We have a Windows Server 2003 two-node cluster that we're using for home folders and regular shared folders for our users. I come from a Novell background, so, am used to stopping users from being able to change rights to their home or shared folders, yet still do anything they want IN their folders, and, I need to be able to do the same using NTFS permissions.
I also need to run Disk Quotas, to limit each user to a certain amount of file storage. These two wants seem mutually exclusive.
I understand to stop users from changing file permissions, I just need to remove the Atomic Right Change Permissions, but, I also understand that if a user Owns a file or folder, then they can do anything they want to the permissions of that file or folder, and, unless they own their files, Disk Quotas has nothing to count.
What's the answer?